RESOLVED FIXED 279523
[WPE] Web Process crashes in WebCore::GLContext::swapBuffers when USE_SKIA=ON
https://bugs.webkit.org/show_bug.cgi?id=279523
Yury Semikhatsky
Reported 2024-09-11 10:31:52 PDT
While trying to enable Skia in Playwright builds of WebKit we noticed that mobile viewport tests[1] started crashing intermittently (seems to be a race). The tests emulate fixed layout mode with custom viewport size. Here is the stack trace (from ubuntu 22.04):

```
(lldb) bt
* thread #1, name = 'WPEWebProcess', stop reason = signal SIGSEGV: invalid permissions for mapped object
  * frame #0: 0x000077dfb8daefb3 libc.so.6`__memcpy_evex_unaligned_erms at memmove-vec-unaligned-erms.S:543
    frame #1: 0x000077dfab5e0a01 libEGL_mesa.so.0`___lldb_unnamed_symbol972 + 305
    frame #2: 0x000077dfab5e0d4c libEGL_mesa.so.0`___lldb_unnamed_symbol973 + 92
    frame #3: 0x000077df59eb58f9 swrast_dri.so`___lldb_unnamed_symbol3221 + 41
    frame #4: 0x000077df59eb5b5e swrast_dri.so`___lldb_unnamed_symbol3225 + 302
    frame #5: 0x000077dfab5de8cf libEGL_mesa.so.0`___lldb_unnamed_symbol948 + 47
    frame #6: 0x000077dfab5d5df5 libEGL_mesa.so.0`___lldb_unnamed_symbol799 + 69
    frame #7: 0x000077dfab5c9af5 libEGL_mesa.so.0`___lldb_unnamed_symbol623 + 565
    frame #8: 0x000077dfc5937cc8 libWPEWebKit-2.0.so.1`WebCore::GLContext::swapBuffers(this=0x000077dfa91300e0) at GLContext.cpp:470:5
    frame #9: 0x000077dfbdb81be0 libWPEWebKit-2.0.so.1`WebKit::ThreadedCompositor::renderLayerTree(this=0x000077dfa902c600) at ThreadedCompositor.cpp:304:16
    frame #10: 0x000077dfbdb82898 libWPEWebKit-2.0.so.1`WebKit::ThreadedCompositor::ThreadedCompositor(WebKit::ThreadedCompositor::Client&, unsigned int, WebCore::IntSize const&, float, bool, WebKit::ThreadedCompositor::DamagePropagation)::$_0::operator()(this=0x000077dfa9001cc8) const at ThreadedCompositor.cpp:81:68
    frame #11: 0x000077dfbdb82879 libWPEWebKit-2.0.so.1`WTF::Detail::CallableWrapper<WebKit::ThreadedCompositor::ThreadedCompositor(WebKit::ThreadedCompositor::Client&, unsigned int, WebCore::IntSize const&, float, bool, WebKit::ThreadedCompositor::DamagePropagation)::$_0, void>::call(this=0x000077dfa9001cc0) at Function.h:53:39
    frame #12: 0x000077dfbd644007 libWPEWebKit-2.0.so.1`WTF::Function<void ()>::operator()(this=0x000077dfa903cca8) const at Function.h:82:35
    frame #13: 0x000077dfbdb80468 libWPEWebKit-2.0.so.1`WebKit::CompositingRunLoop::updateTimerFired(this=0x000077dfa903cc70) at CompositingRunLoop.cpp:182:5
    frame #14: 0x000077dfbdb89c89 libWPEWebKit-2.0.so.1`void std::__invoke_impl<void, void (WebKit::CompositingRunLoop::*&)(), WebKit::CompositingRunLoop*&>((null)=__invoke_memfun_deref @ 0x000077ddc29ff7af, __f=0x000077dfa9112dc8, __t=0x000077dfa9112dd8) at invoke.h:74:14
    frame #15: 0x000077dfbdb89bcd libWPEWebKit-2.0.so.1`std::__invoke_result<void (WebKit::CompositingRunLoop::*&)(), WebKit::CompositingRunLoop*&>::type std::__invoke<void (WebKit::CompositingRunLoop::*&)(), WebKit::CompositingRunLoop*&>(__fn=0x000077dfa9112dc8, __args=0x000077dfa9112dd8) at invoke.h:96:14
    frame #16: 0x000077dfbdb89b9d libWPEWebKit-2.0.so.1`void std::_Bind<void (WebKit::CompositingRunLoop::* (WebKit::CompositingRunLoop*))()>::__call<void, 0ul>(this=0x000077dfa9112dc8, __args=0x000077ddc29ff847, (null)=_Index_tuple<0UL> @ 0x000077ddc29ff81f) at functional:495:11
    frame #17: 0x000077dfbdb89b56 libWPEWebKit-2.0.so.1`void std::_Bind<void (WebKit::CompositingRunLoop::* (WebKit::CompositingRunLoop*))()>::operator()<void>(this=0x000077dfa9112dc8) at functional:580:17
    frame #18: 0x000077dfbdb89ad9 libWPEWebKit-2.0.so.1`WTF::Detail::CallableWrapper<std::_Bind<void (WebKit::CompositingRunLoop::* (WebKit::CompositingRunLoop*))()>, void>::call(this=0x000077dfa9112dc0) at Function.h:53:39
    frame #19: 0x000077dfbd644007 libWPEWebKit-2.0.so.1`WTF::Function<void ()>::operator()(this=0x000077dfa903cca0) const at Function.h:82:35
    frame #20: 0x000077dfbd74aed9 libWPEWebKit-2.0.so.1`WTF::RunLoop::Timer::fired(this=0x000077dfa903cc78) at RunLoop.h:195:33
    frame #21: 0x000077dfc1065d5a libWPEWebKit-2.0.so.1`WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::operator()(this=0x000077ddc29ff907, userData=0x000077dfa903cc78) const at RunLoopGLib.cpp:177:16
    frame #22: 0x000077dfc1065d09 libWPEWebKit-2.0.so.1`WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(userData=0x000077dfa903cc78) at RunLoopGLib.cpp:169:43
    frame #23: 0x000077dfc1065a89 libWPEWebKit-2.0.so.1`WTF::RunLoop::$_0::operator()(this=0x000077ddc29ff977, source=0x00006424ef5ffd90, callback=(libWPEWebKit-2.0.so.1`WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*) at RunLoopGLib.cpp:169), userData=0x000077dfa903cc78) const at RunLoopGLib.cpp:53:28
    frame #24: 0x000077dfc1064419 libWPEWebKit-2.0.so.1`WTF::RunLoop::$_0::__invoke(source=0x00006424ef5ffd90, callback=(libWPEWebKit-2.0.so.1`WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*) at RunLoopGLib.cpp:169), userData=0x000077dfa903cc78) at RunLoopGLib.cpp:45:5
    frame #25: 0x000077dfb9346c44 libglib-2.0.so.0`g_main_context_dispatch + 372
    frame #26: 0x000077dfb939c2b8 libglib-2.0.so.0`___lldb_unnamed_symbol2709 + 488
    frame #27: 0x000077dfb93462b3 libglib-2.0.so.0`g_main_loop_run + 115
    frame #28: 0x000077dfc1064d6a libWPEWebKit-2.0.so.1`WTF::RunLoop::run() at RunLoopGLib.cpp:108:9
    frame #29: 0x000077dfc0ed6ad4 libWPEWebKit-2.0.so.1`WTF::RunLoop::create(WTF::ASCIILiteral, WTF::ThreadType, WTF::Thread::QOS)::$_0::operator()(this=0x000077dfa9112da8) const at RunLoop.cpp:114:9
    frame #30: 0x000077dfc0ed6a99 libWPEWebKit-2.0.so.1`WTF::Detail::CallableWrapper<WTF::RunLoop::create(WTF::ASCIILiteral, WTF::ThreadType, WTF::Thread::QOS)::$_0, void>::call(this=0x000077dfa9112da0) at Function.h:53:39
    frame #31: 0x000077dfbd644007 libWPEWebKit-2.0.so.1`WTF::Function<void ()>::operator()(this=0x000077ddc29ffb60) const at Function.h:82:35
    frame #32: 0x000077dfc0fac489 libWPEWebKit-2.0.so.1`WTF::Thread::entryPoint(newThreadContext=0x000077dfa900dc20) at Threading.cpp:266:5
    frame #33: 0x000077dfc10727d5 libWPEWebKit-2.0.so.1`WTF::wtfThreadEntryPoint(context=0x000077dfa900dc20) at ThreadingPOSIX.cpp:239:5
    frame #34: 0x000077dfb8c94ac3 libc.so.6`start_thread(arg=<unavailable>) at pthread_create.c:442:8
    frame #35: 0x000077dfb8d26850 libc.so.6`__clone3 at clone3.S:81
(lldb)
```

It does not reproduce when running with `WEBKIT_SKIA_ENABLE_CPU_RENDERING=1`.

[1] https://github.com/microsoft/playwright/blob/1f0514536e1ca8a0b93ab774c03eef7c6966bd31/tests/library/browsercontext-viewport-mobile.spec.ts#L87-L95
Yury Semikhatsky
Comment 1 2024-09-12 11:47:38 PDT
For more context, the test creates a new page and calls `WebPageProxy::setUseFixedLayout(true)` on it followed by

```
struct wpe_view_backend* backend = m_page.viewBackend();
wpe_view_backend_dispatch_set_size(backend, 300, 400);
```

This can likely be easily reproduced in a WPE unit test.
Diego Pino
Comment 2 2024-12-05 03:22:16 PST
It seems this issue is no longer happening since 287060@main, so closing bug for now.